AWS Security ChangesHomeSearch

AWS AmazonCloudWatch documentation change

Service: AmazonCloudWatch · 2026-06-25 · Documentation low

File: AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md

Summary

Updated wording for clarity ('utilizing'→'using', 'facilitate'→'help') and fixed apostrophe in 'canary's'

Security assessment

Changes are linguistic improvements without security implications. IAM policy descriptions remain functionally unchanged with no new security controls added.

Diff

diff --git a/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md b/AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md
index 3d392c318..f6a8037d4 100644
--- a//AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md
+++ b//AmazonCloudWatch/latest/monitoring/managed-policies-cloudwatch.md
@@ -62 +62 @@ AIOpsAssistantPolicy – Updated policy |  CloudWatch updated the **AIOpsAssista
-[ CloudWatchNetworkMonitorServiceRolePolicy](./security-iam-awsmanpol-nw.html#security-iam-CloudWatchNetworkMonitorServiceRolePolicy) – Updated policy |  CloudWatch added the `ec2:DescribeRouteTables`, `ec2:DescribeTransitGatewayAttachments`, `ec2:DescribeTransitGatewayRouteTables`, `ec2:SearchTransitGatewayRoutes` permissions to the **CloudWatchNetworkMonitorServiceRolePolicy** managed policy to grant permissions for Network Synthetic Monitor to generate the Network Health Indicator values for customers utilizing Transit Gateways. | December 12, 2025  
+[ CloudWatchNetworkMonitorServiceRolePolicy](./security-iam-awsmanpol-nw.html#security-iam-CloudWatchNetworkMonitorServiceRolePolicy) – Updated policy |  CloudWatch added the `ec2:DescribeRouteTables`, `ec2:DescribeTransitGatewayAttachments`, `ec2:DescribeTransitGatewayRouteTables`, `ec2:SearchTransitGatewayRoutes` permissions to the **CloudWatchNetworkMonitorServiceRolePolicy** managed policy to grant permissions for Network Synthetic Monitor to generate the Network Health Indicator values for customers using Transit Gateways. | December 12, 2025  
@@ -102 +102 @@ CloudWatchSyntheticsFullAccess – Update to an existing policy |  CloudWatch up
-  * `logs:FilterLogEvents` – Required to view logs in a canary’s log group.
+  * `logs:FilterLogEvents` – Required to view logs in a canary's log group.
@@ -265 +265 @@ The **AIOpsConsoleAdminPolicy** policy grants full access to all CloudWatch inve
-  * The `organizations`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which facilitate identity-aware sessions. 
+  * The `organizations`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which help identity-aware sessions. 
@@ -292 +292 @@ This policy only provides access to investigations. You should be sure that IAM
-  * The `sso-directory`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which facilitate identity-aware sessions. 
+  * The `sso-directory`, `sso`, `identitystore`, and `sts` permissions allow actions needed for IAM Identity Center management which help identity-aware sessions. 
@@ -309 +309 @@ The **AIOpsReadOnlyAccess** policy grants read-only permissions for CloudWatch i
-  * The `sso` permissions allow actions needed for IAM Identity Center management which facilitate identity-aware sessions. 
+  * The `sso` permissions allow actions needed for IAM Identity Center management which help identity-aware sessions.